VYPR

Openclaw

by OpenClaw

npm: openclaw

Source repositories

CVEs (537)

  • CVE-2026-43535 | Medium | May 5, 2026
    risk 0.37 | CVSS 6.8 | EPSS 0.00

    OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization context. Attackers can exploit this by sending multiple queued messages to drain…

  • CVE-2026-41397 | Medium | Apr 28, 2026
    risk 0.37 | CVSS 6.8 | EPSS 0.00

    OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror…

  • CVE-2026-41392 | Medium | Apr 28, 2026
    risk 0.37 | CVSS 6.7 | EPSS 0.00

    OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen…

  • CVE-2026-41360 | Medium | Apr 23, 2026
    risk 0.37 | CVSS 6.7 | EPSS 0.00

    OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution…

  • CVE-2026-53861 | Medium | Jun 16, 2026
    risk 0.36 | CVSS 6.6 | EPSS 0.00

    OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the intended allowlist check by using combined flag forms, potentially allowing…

  • CVE-2026-53820 | Medium | Jun 12, 2026
    risk 0.36 | CVSS 6.6 | EPSS 0.00

    OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions…

  • CVE-2026-53818 | Medium | Jun 11, 2026
    risk 0.36 | CVSS 6.6 | EPSS 0.00

    OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute…

  • CVE-2026-53859 | Medium | Jun 16, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to reach destinations that operators…

  • CVE-2026-53854 | Medium | Jun 16, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or…

  • CVE-2026-53844 | Medium | Jun 16, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory…

  • CVE-2026-53839 | Medium | Jun 12, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to…

  • CVE-2026-53830 | Medium | Jun 12, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected…

  • CVE-2026-53827 | Medium | Jun 12, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and…

  • CVE-2026-53825 | Medium | Jun 12, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify…

  • CVE-2026-53824 | Medium | Jun 12, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token…

  • CVE-2026-53815 | Medium | Jun 11, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature,…

  • CVE-2026-53808 | Medium | Jun 11, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply…

  • CVE-2026-35673 | Medium | May 29, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect…

  • CVE-2026-43579 | Medium | May 6, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify…

  • CVE-2026-43577 | Medium | May 6, 2026
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy…

Page 9 of 27